Results 1 to 2 of 2

Thread: virtuamonde vundo.

  1. 2008-12-16, 01:32 #1
    Tesrson16
    Tesrson16 is offline
    Junior Member
    Join Date
    Dec 2008
    Posts
    12

    Default virtuamonde vundo.

    I got this virus yesterday. I have researched various things and tried many things on this site. Can anyone tell me if these logs look ok. This is after Combofix and a last Hijack this. Thanks in advance for any help.

    ComboFix 08-12-15.01 - Owner 2008-12-15 19:18:52.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.220 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
    .

    2008-12-15 18:02 . 2008-12-15 18:02 <DIR> d-------- c:\program files\Trend Micro
    2008-12-15 17:57 . 2008-12-15 17:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
    2008-12-15 17:56 . 2008-12-15 17:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-15 17:56 . 2008-12-15 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-15 17:56 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-15 17:56 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-15 02:19 . 2008-12-15 02:19 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-15 02:06 . 2008-12-15 02:06 <DIR> d-------- C:\VundoFix Backups
    2008-12-14 21:52 . 2008-12-14 21:56 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-11-22 16:06 . 2008-11-22 16:06 <DIR> d-------- C:\DriveKey
    2008-11-18 19:06 . 2008-11-18 19:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\Corel
    2008-11-18 19:01 . 2008-11-18 19:01 <DIR> d-------- c:\program files\Common Files\Borland Shared
    2008-11-18 19:00 . 2008-11-18 19:00 <DIR> d-------- c:\windows\ShellNew
    2008-11-18 18:59 . 2008-11-18 19:00 <DIR> d-------- c:\program files\WordPerfect Office 12
    2008-11-18 18:59 . 2008-11-18 18:59 <DIR> d-------- c:\program files\Common Files\Corel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-16 00:18 --------- d-----w c:\program files\Common Files\Akamai
    2008-12-15 11:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-15 04:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-22 21:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-19 00:00 --------- d-----w c:\program files\Common Files\InstallShield
    2008-11-15 17:36 --------- d-----w c:\program files\MSXML 4.0
    2008-11-14 17:59 --------- d-----w c:\program files\Common Files\Motorola Shared
    2008-11-14 17:33 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-11-14 17:33 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-11-13 00:40 --------- d-----w c:\program files\MSXML 6.0
    2008-11-10 01:36 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
    2008-11-09 19:04 --------- d-----w c:\documents and settings\Owner\Application Data\Sony
    2008-11-09 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-11-09 18:58 --------- d-----w c:\program files\Common Files\Sony Shared
    2008-11-09 18:57 --------- d-----w c:\program files\Sony
    2008-11-09 18:48 --------- d-----w c:\program files\Sony Setup
    2008-11-01 20:22 --------- d-----w c:\program files\CCleaner
    2008-10-30 02:01 --------- d-----w c:\program files\Lavasoft
    2008-10-25 17:10 --------- d-----w c:\program files\CDBurnerXP
    2008-10-25 17:10 --------- d-----w c:\documents and settings\Owner\Application Data\Canneverbe_Limited
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
    2008-10-06 23:24 13,680,375 ----a-w c:\program files\MOTV220RPDCB02-Drivers.zip
    2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-04-29 00:11 20 ----a-w c:\program files\Sims2Pack Clean Installer.ini
    2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "WordPerfect Office 1215"="c:\program files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 733184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
    "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184]
    R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-12 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-30 20560]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-03-02 24652]
    S3 cdiskdun;cdiskdun;\??\c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys []
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-11-14 42112]
    S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [2008-10-06 38272]
    S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\DRIVERS\USB100M.SYS [2008-02-29 27519]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{84DF8550-A5BB-4380-9B1D-D3F6924B9A47} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    TCP: {1DCE094F-C628-422E-9D51-B988B530A02F} = ,
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9jkwkgxj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 19:19:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-15 19:20:48
    ComboFix-quarantined-files.txt 2008-12-16 00:20:28

    Pre-Run: 48,461,549,568 bytes free
    Post-Run: 48,451,166,208 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    175 --- E O F --- 2008-12-12 01:47:07


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:23:22 PM, on 12/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=121808 serial=WA12WRX-0000002-HMD lang=EN
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1DCE094F-C628-422E-9D51-B988B530A02F}: NameServer = ,
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1DCE094F-C628-422E-9D51-B988B530A02F}: NameServer = ,
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1DCE094F-C628-422E-9D51-B988B530A02F}: NameServer = ,
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8070 bytes
  2. 2008-12-16, 03:54 #2
    Tesrson16
    Tesrson16 is offline
    Junior Member
    Join Date
    Dec 2008
    Posts
    12

    Default

    After doing this, my system seems to be running better, but I have scanned with spybot S&D 2 times and the Virtumonde.generic keeps popping back up.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules